Risky Bulletin: Srsly Risky Biz – The Four Hour Cyber War on Iran
Podcast: Risky Bulletin (Risky Business Media)
Date: March 5, 2026
Host: Amberly Jack
Guest: Tom Uren (Policy and Intelligence Editor)
Episode Overview
This episode dives into the pivotal role of cyber operations in the recent military strikes on Iran, marking the first time such tactics have been publicly acknowledged in real-world conflict. The discussion centers on the short but intense window in which cyber played a decisive role, the orchestration required for successful digital operations in warfare, and the psychological and information operations aimed at both leadership and the wider public. The latter half explores evolving cyber threats fostered by AI, highlighting how adversaries and defenders alike are adapting at speed, but not necessarily changing the fundamentals of the threat landscape.
1. Cyber's Role in the Iran Conflict
Immediate and Public Cyber Operations
- Key Point: Israel’s cyber penetration of Iranian infrastructure was central to the initial attacks—details immediately acknowledged by official sources and the media, which is a novel level of transparency for cyber in kinetic conflict.
- Quote:
- “This is sort of the first time that there has been an immediate and public acknowledgement and quite a detailed one about cyber's role in military conflict.” (A, 00:38)
Intelligence Gathering and Attack Orchestration
- Israel extensively compromised Tehran’s mobile networks and gained access to nearly every traffic camera, enabling them to track patterns of life and confirm intelligence in real time.
- Quote:
- “They go straight to having access to almost every traffic camera in Tehran... both mobile phones and traffic cameras are complementary... that real time intelligence was used to confirm that, yes, this meeting is actually going ahead.” (B, 01:11)
- The operation targeted a meeting of senior leadership, aiming for decapitation—enabled by a mix of human intel and cyber for confirmation and support.
- Quote:
- "A strike to try and kill a whole swathe of senior leadership all at once. And that I believe was humint, or they say it's humint, but the traffic cameras and the mobile phones, that real time intelligence was used to confirm..." (B, 01:41)
Disruption of Iranian Communications
- Mobile towers were manipulated to prevent warning messages from reaching the protection detail around Khamenei’s compound.
- Quote:
- “The mobile towers in the vicinity of the compound were diddled with somehow so that warning messages could not get through to Khamenei’s protection detail. So that is a really nice orchestration of different cyber capabilities…” (B, 02:39)
Importance of Preparation
- Operations like this require months to years of groundwork. Israel’s efforts were described as a multi-decade priority.
- Quote:
- “This is a classic example of doing long term groundwork ... The Financial Times talks about Iran being a priority for Israel for 20 years.” (B, 04:05)
2. Psychological and Informational Campaigns
Use of Popular Apps for Influence
- A widely used Iranian prayer app was co-opted to send anti-regime messages immediately following the attack, encouraging dissent and targeting military personnel.
- Quote:
- “It started to push out messages ... encouraging people to resist the regime. There's messages particularly aimed at military people... psychological warfare.” (B, 04:45–05:59)
- The impact is unclear, but the collected location data may have intelligence value.
3. The Four-Hour Cyber War: The Short Window
Iran Shuts Down the Internet
- Within four hours, Iran cut off national internet access—a drastic but anticipated defensive response.
- Quote:
- “Iran actually turned off the Internet for the entire country a couple of hours later. So that's where the short window of opportunity comes in.” (A, 07:59)
- “This is like so far the biggest example of cyber overmatch... it seems like they're totally owned... And the more that you get totally owned and controlled by cyber means, the more likely it is that the victim government... will just pull the switch and turn off the Internet.” (B, 08:11)
- Such abrupt actions are less likely in an evenly-matched conflict, but the initial cyber “overmatch” incentivizes rapid, blunt countermeasures.
- Quote:
- “I think that there is a dynamic where if you're being pummeled in cyberspace, there are things you can do like cutting off access and switching off the Internet... There could well be a sort of self limiting dynamic where at the beginning of a conflict you can kick some goals because no one's prepared, you’ve had time to line it up, they haven't had time to respond...” (B, 09:32)
Key Insight
- The effectiveness of cyber ops is transient; adversaries will ultimately react, closing the window. Preparation and surprise are key.
- Quote:
- “You've got time and space to plan, that's the best time to use cyber operations... They can be executed very quickly, it takes a long time to plan them... and it's really bringing the pieces together for that moment now.” (B, 02:37, 04:45)
4. AI and the Shifting Threat Landscape
Speed, Not Novelty
- AI is accelerating the pace and efficiency of cybercrime, especially in phishing and social engineering, but not introducing truly new forms of attack.
- Quote:
- “It’s like the ocean is rising. It's still the same ocean. You're just underwater now.” (B, 11:58)
- “The take home message was things are a lot faster, but they're not doing totally new and different things... it's the same stuff, just more of it and faster.” (B, 11:58)
AI-Enhanced Phishing and Targeting
- Attackers use large language models to polish their phishing lures, tailor tone, and produce realistic fake assets (e.g. legal documents).
- Segmentation allows for highly specific, believable targeting.
- Quote:
- “One of the examples in an OpenAI report was that there was a group that was pretending to be lawyers and legal professionals... but they were using an LLM to say, use language, lawyer speak to, to reach out to these people.” (B, 12:25)
- “Increasing... market segmentation for criminals and that they're targeting narrower and narrower slices.” (B, 14:33)
- Typos and bad grammar are no longer reliable signals to users.
- Quote:
- “That advice that… if your bank doesn’t know how to spell, it’s probably not your bank is maybe not so accurate anymore.” (A, 14:02)
- “That’s all gone out the window. Like there’s AI will get those things right.” (B, 14:15)
Democratization of Advanced Attacks
- Prototyping sophisticated spear phishing via AI is now fast and accessible, lowering the barrier for less-resourced attackers.
- Quote:
- “Trend Micro prototyped LinkedIn... targeted phishing message machine... in a day ... that type of campaign within the reach of less sophisticated groups.” (B, 16:18)
5. Implications for Security Defenders
Defenders Must Adapt Faster
- Defenders need to adopt AI themselves and automate practices, but ultimately must have strong security hygiene in place in advance.
- Quote:
- “I think AI will also help defenders be faster and quicker and respond better.” (B, 17:31)
- Defensive success depends on preparation, not just automated machine response.
- Quote:
- “If you're relying on machines to do things to protect you, like it's too late in a sense... you can't rely on a machine to go, oh, there's a new attack, let me do everything right now.” (B, 18:23)
- The ‘security equilibrium’ will settle at a new, higher pace, with some degree of loss accepted.
- Quote:
- “There'll be bad consequences for business and that'll justify ramp up in security... and then that ramp up will reach that equilibrium again where people are... happy. There's an acceptable amount of loss, damage, scamming the business can wear...” (B, 19:15)
Notable Quotes & Moments
- On cyber's fleeting advantage: “Here for a good time, not for a long time.” (B, 01:11)
- On digital overmatch: “It's, you know, it seems like they're totally owned, like, you know, traffic cameras, prayer apps, mobile networks.” (B, 08:11)
- On defender strategy: “Learn to swim very fast.” (B, 11:58)
Timestamps for Major Segments
- [00:38–04:45] — How Israeli cyber operations shaped the timing and execution of military strikes
- [04:45–07:59] — Cyber-enabled influence and psychological operations in Iran
- [07:59–09:08] — Iran’s national internet shutdown: the cyber “window of opportunity” closes
- [09:08–11:32] — Parallels with China, escalation, and limits of cyber in conflict
- [11:32–18:12] — The impact of AI on cybercrime speed, phishing sophistication, and segmentation
- [18:12–20:25] — Defending in the AI era: new equilibrium, defender strategies, and consequences
Summary:
This episode illuminates how deeply cyber operations can shape, and limit, the outcomes and tempo of modern conflicts, as demonstrated in the Iran strikes. It also maps out the new normal for defenders: a world moving faster, where preparation and automation are essential, conventional wisdom about threat detection is obsolete, and the line between offense and defense is rapidly shifting thanks to AI-enhanced tactics.
